class CommentsController < ApplicationController
  
  before_filter :login_required, :except => [:show, :index]
  # only webcomic creator and comment user have permission
  before_filter :check_user, :only => [:edit, :update, :destroy]
  
  # GET /comments
  # GET /comments.xml
  def index
    @webcomic = Webcomic.find(params[:webcomic_id])
    @strip = Strip.find(params[:strip_id])
    @comments = @strip.comments #Comment.find(:all)

    respond_to do |format|
      format.html # index.html.erb
      format.xml  { render :xml => @comments }
    end
  end

  # GET /comments/1
  # GET /comments/1.xml
  def show
    @webcomic = Webcomic.find(params[:webcomic_id])
    @strip = Strip.find(params[:strip_id])
    @comment = Comment.find(params[:id])

    respond_to do |format|
      format.html # show.html.erb
      format.xml  { render :xml => @comment }
    end
  end

  # GET /comments/new
  # GET /comments/new.xml
  def new
    @webcomic = Webcomic.find(params[:webcomic_id])
    @strip = Strip.find(params[:strip_id])
    @comment = Comment.new

    respond_to do |format|
      format.html # new.html.erb
      format.xml  { render :xml => @comment }
    end
  end

  # GET /comments/1/edit
  def edit
    @webcomic ||= Webcomic.find(params[:webcomic_id])
    @strip = Strip.find(params[:strip_id])
    @comment ||= Comment.find(params[:id])
  end

  # POST /comments
  # POST /comments.xml
  def create
    @webcomic = Webcomic.find(params[:webcomic_id])
    @strip = Strip.find(params[:strip_id])
    @comment = Comment.new(params[:comment])
    @comment.strip = @strip
    @comment.user = current_user
    
    respond_to do |format|
      if @comment.save
        flash[:notice] = 'Comment was successfully created.'
        format.html { redirect_to(webcomic_strip_comments_path(@webcomic, @strip)) }
        format.xml  { render :xml => @comment, :status => :created, :location => @comment }
      else
        format.html { render :action => "new" }
        format.xml  { render :xml => @comment.errors, :status => :unprocessable_entity }
      end
    end
  end

  # PUT /comments/1
  # PUT /comments/1.xml
  def update
    @webcomic ||= Webcomic.find(params[:webcomic_id])
    @strip = Strip.find(params[:strip_id])
    @comment ||= Comment.find(params[:id])

    respond_to do |format|
      if @comment.update_attributes(params[:comment])
        flash[:notice] = 'Comment was successfully updated.'
        format.html { redirect_to(webcomic_strip_comments_path(@webcomic, @strip)) }
        format.xml  { head :ok }
      else
        format.html { render :action => "edit" }
        format.xml  { render :xml => @comment.errors, :status => :unprocessable_entity }
      end
    end
  end

  # DELETE /comments/1
  # DELETE /comments/1.xml
  def destroy
    @webcomic ||= Webcomic.find(params[:webcomic_id])
    @strip = Strip.find(params[:strip_id])
    @comment ||= Comment.find(params[:id])
    @comment.destroy

    respond_to do |format|
      format.html { redirect_to( webcomic_strip_comments_path(@webcomic, @strip)) }
      format.xml  { head :ok }
    end
  end
  
  private
  
  def required_login
    redirect_to :controller => :session, :action => :new and return unless logged_in?
  end
    
  def check_user
    @comment = Comment.find(params[:id])
    @webcomic = Webcomic.find(params[:webcomic_id])
    unless @comment.user_id == current_user.id || @webcomic.creator_id == current_user.id
      access_denied
    end
  end
  
  def access_denied
    if logged_in?
      render :text => "You have insufficient permissions", :status => 401
      return false
    else
      super
    end
  end
  
end
